本頁面中的部分或全部資訊可能不適用於 Trusted Cloud by S3NS。
角色和權限
Trusted Cloud by S3NS 提供「身分與存取權管理」(IAM) 功能,可讓您以更精細的方式授予使用者特定Trusted Cloud 資源的存取權,避免其他資源遭到未經授權者擅自存取。本頁面說明 Service Directory API 角色。如需 IAM 的詳細說明,請參閱 IAM 說明文件 。
您可以使用 IAM 採用最低權限安全性原則 ,只授予必要的資源存取權限。
設定身分與存取權管理政策後,即可控管「哪些人」
權限與角色
每個 Service Directory API 方法都會要求呼叫者具備必要的 IAM 權限,您可以將角色授予使用者、群組或服務帳戶,藉此指派權限。除了基本擁有者、編輯者和檢視者角色外,您還可以將 Service Directory API 角色授予專案使用者。
權限
您可以在服務目錄的 API 參考說明文件 中,查看每個方法所需的權限。
角色
Role
Permissions
Service Directory Admin
(roles/servicedirectory.admin )
Full control of all Service Directory resources and permissions.
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.endpoints.*
servicedirectory.endpoints.create servicedirectory.endpoints.delete servicedirectory.endpoints.getservicedirectory.endpoints.getIamPolicy servicedirectory.endpoints.list servicedirectory.endpoints.setIamPolicy servicedirectory.endpoints.update
servicedirectory.locations.*
servicedirectory.locations.getservicedirectory.locations.list
servicedirectory.namespaces.*
servicedirectory.namespaces.associatePrivateZone servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.namespaces.get servicedirectory.namespaces.getIamPolicy servicedirectory.namespaces.list servicedirectory.namespaces.setIamPolicy servicedirectory.namespaces.update
servicedirectory.networks.attach
servicedirectory.services.*
servicedirectory.services.bindservicedirectory.services.create servicedirectory.services.delete servicedirectory.services.getservicedirectory.services.getIamPolicy servicedirectory.services.listservicedirectory.services.resolve servicedirectory.services.setIamPolicy servicedirectory.services.update
Service Directory Editor
(roles/servicedirectory.editor )
Edit Service Directory resources.
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.endpoints.create
servicedirectory.endpoints.delete
servicedirectory.endpoints.get
servicedirectory.endpoints.getIamPolicy
servicedirectory.endpoints.list
servicedirectory.endpoints.update
servicedirectory.locations.*
servicedirectory.locations.getservicedirectory.locations.list
servicedirectory.namespaces.associatePrivateZone
servicedirectory.namespaces.create
servicedirectory.namespaces.delete
servicedirectory.namespaces.get
servicedirectory.namespaces.getIamPolicy
servicedirectory.namespaces.list
servicedirectory.namespaces.update
servicedirectory.networks.attach
servicedirectory.services.bind
servicedirectory.services.create
servicedirectory.services.delete
servicedirectory.services.get
servicedirectory.services.getIamPolicy
servicedirectory.services.list
servicedirectory.services.resolve
servicedirectory.services.update
Service Directory Network Attacher
(roles/servicedirectory.networkAttacher )
Gives access to attach VPC Networks to Service Directory Endpoints
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.networks.attach
Private Service Connect Authorized Service
(roles/servicedirectory.pscAuthorizedService )
Gives access to VPC Networks via Service Directory
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.networks.access
Service Directory Service Agent
(roles/servicedirectory.serviceAgent )
Give the Service Directory service agent access to Cloud Platform resources.
Warning: Do not grant service agent roles to any principals except
service agents .
container.clusters.get
gkehub.features.get
gkehub.gateway.delete
gkehub.gateway.generateCredentials
gkehub.gateway.get
gkehub.gateway.patch
gkehub.gateway.post
gkehub.gateway.put
gkehub.locations.*
gkehub.locations.getgkehub.locations.list
gkehub.memberships.get
gkehub.memberships.list
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.endpoints.create
servicedirectory.endpoints.delete
servicedirectory.endpoints.get
servicedirectory.endpoints.getIamPolicy
servicedirectory.endpoints.list
servicedirectory.endpoints.update
servicedirectory.locations.*
servicedirectory.locations.getservicedirectory.locations.list
servicedirectory.namespaces.associatePrivateZone
servicedirectory.namespaces.create
servicedirectory.namespaces.delete
servicedirectory.namespaces.get
servicedirectory.namespaces.getIamPolicy
servicedirectory.namespaces.list
servicedirectory.namespaces.update
servicedirectory.networks.attach
servicedirectory.services.bind
servicedirectory.services.create
servicedirectory.services.delete
servicedirectory.services.get
servicedirectory.services.getIamPolicy
servicedirectory.services.list
servicedirectory.services.resolve
servicedirectory.services.update
Service Directory Viewer
(roles/servicedirectory.viewer )
View Service Directory resources.
resourcemanager.projects.get
resourcemanager.projects.list
servicedirectory.endpoints.get
servicedirectory.endpoints.getIamPolicy
servicedirectory.endpoints.list
servicedirectory.locations.*
servicedirectory.locations.getservicedirectory.locations.list
servicedirectory.namespaces.get
servicedirectory.namespaces.getIamPolicy
servicedirectory.namespaces.list
servicedirectory.services.get
servicedirectory.services.getIamPolicy
servicedirectory.services.list
servicedirectory.services.resolve
使用 Trusted Cloud 主控台控管存取權
您可以使用 Trusted Cloud 控制台管理登錄的存取權。
如要在專案層級設定存取權控管選項,請執行以下操作:
主控台
前往 Trusted Cloud 控制台的「IAM」
前往身分與存取權管理頁面
從頂端的下拉式選單中選取專案。
按一下「新增」。
在「New principals」(新增主體)
從下拉式選單中選取所需角色:servicedirectory.admin、servicedirectory.editor 或 servicedirectory.viewer
按一下 [儲存]
確認主體是否已列出您授予的角色。
Service Directory 區域會覆寫 IAM 限制
將命名空間指派給 Service Directory 區域後,服務名稱就會顯示在所有網路上,這些網路已獲授權可查詢私人區域。DNS 不提供驗證功能,因此沒有 IAM 存取控制。
後續步驟
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權 ,程式碼範例則為阿帕契 2.0 授權 。詳情請參閱《Google Developers 網站政策 》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-08-11 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["缺少我需要的資訊","missingTheInformationINeed","thumb-down"],["過於複雜/步驟過多","tooComplicatedTooManySteps","thumb-down"],["過時","outOfDate","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["示例/程式碼問題","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-08-11 (世界標準時間)。"],[],[]]
